1、修改kibana的配置文件

[root@host app]# vim /etc/kibana/kibana.yml #在配置文件的最后添加如下内容
tilemap.url: 'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'

重启kibana服务、

2、安装logstash的geoip插件

使logstash可以获取到国家及城市信息

[root@beijing app]#/usr/share/logstash/bin/logstash-plugin install logstash-filter-geoip

3、编辑logstash配置文件

[root@beijing app]#vim /etc/logstash/conf.d/test.conf 
input {
     file {
          path => ["/var/log/httpd/access_log"]
          start_position => "beginning"
           }
}

filter {
      grok {
         match => {
                  "message" => "%{HTTPD_COMBINEDLOG}"
                  }
                  # remove_field => "message"
                  add_field => ["[@metadata][zabbix_host]","beijing.zhangdazhi.com"]
                  add_field => ["[@metadata][zabbix_key]","logstash.key"]
          }
     geoip {
       source => "clientip"
       target => "geoip"
       database => "/app/GeoLite2-City_20180102/GeoLite2-City.mmdb"
       add_field => ["[geoip][coordinates]","%{[geoip][longitude]}"] #添加字段coordinates，值为经度
     add_field => ["[geoip][coordinates]","%{[geoip][latitude]}"] #添加字段coordinates，值为纬度
          }
    mutate {
            convert => [ "[geoip][coordinates]", "float"] #转化经纬度的值为浮点数
                }
}
output {
       elasticsearch {
                    hosts => ["http://66.112.215.110"]
                    index => "logstash-apache-access-% {+YYYY.MM.dd}" #注意索引名称一定要以logstash-或者logstash_开头，不然kibana中创建地图时识别不了
                    action => "index"
                    document_type => "apache_logs"
                   }
}

重启logstash

4、在kibana上的设置

image.png

image.png